Security experts criticize malware list

Just how useful is the Common Malware Enumeration (CME) initiative debuted by U.S.-CERT this autumn?

The system was created to sort out some of the confusion created by the different naming systems used by different security vendors, and to help system administrators deal with outbreaks more effectively. Some security experts have, however, voiced doubts as to how well CME is working in practice.

One complaint is that the system isn't providing much information on malware aside from listing the reference codes used by different security vendors. Such information was promised more than a year ago by the organizers of the CME plan -- U.S.-CERT, the U.S. Department of Homeland Security, and antivirus vendors such as Microsoft, Trend Micro, McAfee and Symantec.

The plan was outlined in an open letter, published by the SANS Institute, in which the organizations said U.S.-CERT would "assign a CME identifier... to each new, unique threat and to include additional incident response information when available".

The goal was "improving the malware information resources available to (antivirus) software users, first responders, and malware analysts -- anyone who depends on accurate, concise information about malware," the letter said.

The letter was in response to criticism voiced in an earlier open letter to the security industry by Chris Mosby, a system administrator, in which he strongly criticized antivirus vendors for adopting "an isolationist attitude" that made it difficult for administrators to deal with complex virus outbreaks. "As the customers that spend money for your products, we should not have to work so hard to figure out if your products are keeping us protected," Mosby wrote.

A year later, the most difficult part of the CME project - distinguishing similar pieces of malicious code from one another - appears to be working. But CME still only provides a basic list of names used by different vendors, without listing details or even including links.

This makes the project of limited use, even compared with similar, independent projects such as Secunia's virus information database, according to SANS Internet Storm Center handler Patrick Nolan.

"Links to technical analysis was a hoped-for outcome for the CME project, since vendors' technical analysis is the critical 'additional incident response information' needed by the people responding to malware outbreaks," Nolan wrote in a recent entry in the ISC diary. "A name by any other name is just a name."

Thomas Kristensen said the lack of links or additional information means CME is of limited use to the general public. "It can only be used by the vendors and others with a specific interest in viruses to more easily identify viruses in other vendors' databases," he said. "It probably does what it was intended to do, and more information would probably exceed the intended purpose."

Such criticisms are beside the point, according to Graham Cluley, senior technology consultant with Sophos Antivirus. "We mustn't criticize it for not being a 100 percent solution, it's a definite step in the right direction," he said. "The most important thing is that its making correlations between the different names."

He said the system would be sure to improve over time. "Linking to more information seems to be an obvious thing they could do," he said.

Join the newsletter!

Error: Please check your email address.
Rocket to Success - Your 10 Tips for Smarter ERP System Selection
Keep up with the latest tech news, reviews and previews by subscribing to the Good Gear Guide newsletter.

Matthew Broersma
Show Comments

Cool Tech

SanDisk MicroSDXC™ for Nintendo® Switch™

Learn more >

Breitling Superocean Heritage Chronographe 44

Learn more >

Toys for Boys

Family Friendly

Panasonic 4K UHD Blu-Ray Player and Full HD Recorder with Netflix - UBT1GL-K

Learn more >

Stocking Stuffer

Razer DeathAdder Expert Ergonomic Gaming Mouse

Learn more >

Christmas Gift Guide

Click for more ›

Most Popular Reviews

Latest Articles


PCW Evaluation Team

Walid Mikhael

Brother QL-820NWB Professional Label Printer

It’s easy to set up, it’s compact and quiet when printing and to top if off, the print quality is excellent. This is hands down the best printer I’ve used for printing labels.

Ben Ramsden

Sharp PN-40TC1 Huddle Board

Brainstorming, innovation, problem solving, and negotiation have all become much more productive and valuable if people can easily collaborate in real time with minimal friction.

Sarah Ieroianni

Brother QL-820NWB Professional Label Printer

The print quality also does not disappoint, it’s clear, bold, doesn’t smudge and the text is perfectly sized.

Ratchada Dunn

Sharp PN-40TC1 Huddle Board

The Huddle Board’s built in program; Sharp Touch Viewing software allows us to easily manipulate and edit our documents (jpegs and PDFs) all at the same time on the dashboard.

George Khoury

Sharp PN-40TC1 Huddle Board

The biggest perks for me would be that it comes with easy to use and comprehensive programs that make the collaboration process a whole lot more intuitive and organic

David Coyle

Brother PocketJet PJ-773 A4 Portable Thermal Printer

I rate the printer as a 5 out of 5 stars as it has been able to fit seamlessly into my busy and mobile lifestyle.

Featured Content

Product Launch Showcase

Latest Jobs

Don’t have an account? Sign up here

Don't have an account? Sign up now

Forgot password?